Forum Discussion
Solved
Managing Local admin password on windows 11 devices
HI Everyone,
Hope this email finds everyone well !!
Need someone help and experience about how to handle the request for the Local admin password on a devices running on windows 11 and purely azure AD joined.
Since the laps doesn't support cloud and specially windows 11 wider rollout. Could someone help me with a way to manage local admin password on windows 11 devices joined purely to Azure AD,
Hope someone's experience would help me out.
Regards,
Shashi Dubey
- There is no direct replacement for LAPS for AADJ devices. However, Microsoft is working on Cloud LAPS solution. In the meantime, local admins on AADJ devices can be managed through other ways. Maybe this can help. https://rahuljindalmyit.blogspot.com/2022/08/additional-local-administrators-on.html
- https://learn.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
What is actually working is if you have P2 license, you can use PIM and configure Azure AD joined device local administrator role.
When the user PIM for the role it takes a short while but the user become administrator on all devices, you can limit to what devices they become admin, but I would wait for LAPS should be available soon I hope 🙂 - Support request activity account connection
- Thanks a lot for the time and pointers :).
- There is no direct replacement for LAPS for AADJ devices. However, Microsoft is working on Cloud LAPS solution. In the meantime, local admins on AADJ devices can be managed through other ways. Maybe this can help. https://rahuljindalmyit.blogspot.com/2022/08/additional-local-administrators-on.html
- HI Rahul,
Thanks a lot for the amazing article and excellent explained concept for this topic :).
It has been super useful and meanwhile helpful in deciding the solution and approach for my customer in my environment.
Hope to have your valuable support with me in the coming time too :).
Regards,
Shashi Dubey- Another piece to add to this conversation... If you don't want to wait or pay money :). you could also use the leanlaps solution jos lieben (and I) created
When we have a smb customer who doesn't want to invest much... this is what we implement
https://www.lieben.nu/liebensraum/2021/06/lightweight-laps-solution-for-intune-mde/
